I checked the security and encryption policies of three online backup services: Carbonite, IDrive, and Mozy. All three encrypt your files on your PC before uploading them via a secure socket layer (SSL) Internet connection. The files remain encrypted until you need them.

All three services use established encryption algorithms that are effectively bullet-proof--either Blowfish or AES. Without the key (in other words, the password), the files are inaccessible.

But as Melissa pointed out, some very well-protected servers have been hacked. As long as it's possible for someone at your online service to access your files, there's danger that someone with criminal intent will do so.

So all three of these services give you the option to use your own key rather than theirs. Since the service doesn't have access to this key (remember, the encryption and decryption happen on your computer), no one but you can read your files without cracking your password.

But this more secure option has its costs. Should you lose or forget your password, your backup is effectively toast; there will be no way for you to access it. Other features might also be unavailable. For instance, Carbonite's Anytime Anywhere Access only works with the company's key.

Here's something else to consider: Your files don't have to be online to be stolen. Both your computer and your local backup media are susceptible to physical theft and burglary.

That's why I recommend using a program like the free, open-source utility TrueCrypt to store your sensitive and private files in an encrypted vault. Your backup program will back up the vault rather than the files inside of it, adding protection against a stolen computer and a hacked online backup service.